RESOLVED FIXED64678
Fix bugs in Object.prototype this handling. 
https://bugs.webkit.org/show_bug.cgi?id=64678
Summary Fix bugs in Object.prototype this handling.
Gavin Barraclough
Reported 2011-07-17 23:29:02 PDT
undefined/null this values should throw TypeErrors, not convert to the global object.
Attachments
Preliminary patch (5.03 KB, patch)
2011-07-17 23:31 PDT, Gavin Barraclough 		no flags
DetailsFormatted DiffDiff
The patch (20.43 KB, patch)
2011-07-18 14:19 PDT, Gavin Barraclough 		webkit.review.bot: commit-queue-
DetailsFormatted DiffDiff
Added missing updated results, fixed bug in harness. (22.69 KB, patch)
2011-07-18 16:38 PDT, Gavin Barraclough 		no flags
DetailsFormatted DiffDiff
Ooops, revert some debug code from last patch (14.23 KB, patch)
2011-07-18 16:56 PDT, Gavin Barraclough 		oliver: review+
DetailsFormatted DiffDiff
Fix ES5.1 correctness issues (15.36 KB, patch)
2011-07-19 16:59 PDT, Gavin Barraclough 		darin: review+
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Gavin Barraclough
Comment 1 2011-07-17 23:31:00 PDT
Created attachment 101129 [details] Preliminary patch
Gavin Barraclough
Comment 2 2011-07-18 14:19:20 PDT
Created attachment 101202 [details] The patch
WebKit Review Bot
Comment 3 2011-07-18 16:15:12 PDT
Comment on attachment 101202 [details] The patch Attachment 101202 [details] did not pass chromium-ews (chromium-xvfb): Output: http://queues.webkit.org/results/9112479 New failing tests: fast/js/object-prototype-properties.html fast/js/object-prototype-toLocaleString.html
Gavin Barraclough
Comment 4 2011-07-18 16:38:08 PDT
Created attachment 101232 [details] Added missing updated results, fixed bug in harness.
Gavin Barraclough
Comment 5 2011-07-18 16:56:19 PDT
Created attachment 101238 [details] Ooops, revert some debug code from last patch
Gavin Barraclough
Comment 6 2011-07-18 17:26:56 PDT
Fixed in r91224
Ryosuke Niwa
Comment 7 2011-07-18 18:18:36 PDT
Filed crbug.com/89673 to track Chromium test failures.
Mads Ager
Comment 8 2011-07-19 02:44:34 PDT
Comment on attachment 101238 [details] Ooops, revert some debug code from last patch View in context: https://bugs.webkit.org/attachment.cgi?id=101238&action=review A couple of drive-by comments. > LayoutTests/fast/js/script-tests/object-prototype-properties.js:6 > +shouldThrow("toString()"); According the the ES5.1 spec this should not throw an exception and return "[object Undefined]": Section 15.2.4.2: 1. If the this value is undefined, return "[object Undefined]". > LayoutTests/fast/js/script-tests/object-prototype-properties.js:9 > +shouldThrow("hasProperty('hasProperty')"); I guess this should be hasOwnProperty?
Gavin Barraclough
Comment 9 2011-07-19 12:26:47 PDT
(In reply to comment #8) > > +shouldThrow("toString()"); > > According the the ES5.1 spec this should not throw an exception and return "[object Undefined]": Good catch. I missed this coming out of draft, time to update my copy of the spec. :-) > > +shouldThrow("hasProperty('hasProperty')"); > > I guess this should be hasOwnProperty? Gah, yes it should. Thanks for the comments, will fix!
Gavin Barraclough
Comment 10 2011-07-19 16:59:53 PDT
Created attachment 101409 [details] Fix ES5.1 correctness issues
Darin Adler
Comment 11 2011-07-19 17:31:29 PDT
Comment on attachment 101409 [details] Fix ES5.1 correctness issues View in context: https://bugs.webkit.org/attachment.cgi?id=101409&action=review > Source/JavaScriptCore/runtime/ObjectPrototype.cpp:199 > + if (thisValue.isUndefinedOrNull()) > + return jsNontrivialString(exec, thisValue.isUndefined() ? "[object Undefined]" : "[object Null]"); > return JSValue::encode(jsMakeNontrivialString(exec, "[object ", thisValue.toObject(exec)->className(), "]")); I worry a bit about the performance implications of allocating a string every time.
Gavin Barraclough
Comment 12 2011-07-20 00:51:47 PDT
(In reply to comment #11) > I worry a bit about the performance implications of allocating a string every time. That's a fair concern, but I think we should probably stick with the simple solution for now & optimize if necessary. We don't cache the results of Object.prototype.toString for other classes of object, which I imagine is something we could do. Undefined/null are probably the least likely types to be converted (since behavior here is not going to be uniform across browsers right now), so any caching that is specific to undefined/null values is likely to be suboptimal.
Gavin Barraclough
Comment 13 2011-07-20 00:52:37 PDT
ES5.1 corrections per Mads Ager's comments landed in r91344.
Note You need to log in before you can comment on or make changes to this bug.